[Mimedefang] CLSID extension vulnerabilities

Michael McCarthy m.mccarthy at psy.uq.edu.au
Wed May 22 20:40:28 EDT 2002

GFI have an interesting email security system test 
(http://www.gfi.com/emailsecuritytest/) if you want to test out your 
mimedefang-filter against a few of the more esoteric Windows exploits.

In particular it sends a test attachment with a CLSID extension

eg. viewthis.jpg.{73a4c9c1-d68d-11d0-98bf-00a0c90dc8d9}

Regardless of its Folder options View settings, Explorer displays the 
filename as viewthis.jpg even though it could be an executable object (in 
their demo it is and it creates a file on your desktop).

The point is that my mimedefang-filter didn't block this attachment. I'd 
suggest modifying filter_bad_filename in the sample filter to

sub filter_bad_filename {
     my($entity) = @_;
     return re_match($entity, 


Michael McCarthy
IT Manager
School of Psychology
The University of Queensland
+617 3365 6687

More information about the MIMEDefang mailing list